AuditBoard Live Webinar banner advert Diligent One Platform World tour ad April 2024 TeamMate ESG advertising banner 2023

ACCA develops "risk gearbox"

A new report from the Association of Chartered Certified Accountants (ACCA) reveals how board-level risk management activities vary in organisations as a result of internal and external factors. The report, "Risk and performance: Embedding risk management", highlights common challenges and good practices to overcome risk management difficulties.

The study combines findings from four case studies, including interviews, along with a review of current academic literature. The insights were consolidated to create the "risk gearbox", a conceptual model for embedding risk management in organisations. It shows how formal and informal risk management mechanisms combine to create "strategic thrust" to support board decisions on strategic risk-taking and control. It also recommends ways for organisations to improve the effectiveness of their risk-management arrangements.

Key recommendations include:

  • Effective risk-management requires the use of complementary formal and informal mechanisms to achieve strategic objectives.
  • Communication is vital between business units and functions, as well as to/from the risk-management function and internal audit function.
  • The risk-management function has a pivotal role in communication and building risk-management relationships.

“Organisations in every sector, whether large or small, simple or complex, invest time and resources in managing risk. This new report finds effective risk management is an essential element in the success or failure of these organisations but it cannot be effective if it is not embedded," said Jamie Lyon, ACCA’s interim director of professional insights. "There are no easy answers or quick fixes when embedding risk management. Given the variety of means available, organisations must allow risk-management practices to evolve to their needs.”

Dr Simon Ashby from Vlerick Business School, the lead researcher on the report said: “Our report shows that embedding risk management is about more than monitoring risk metrics, risk and control assessment or independent oversight from the risk function. Staff within organisations need to believe that the tools of risk management and the work of the risk function add value. To achieve this, risk managers must be experts in social networking and relationship building. It is hard to achieve technical expertise in the formal tools of risk management and in the informal aspects of human relations, but we observed four risk functions that were successful in doing both.”

This article was first published in May 2019.